JDK-8214100

use of keystore probing results in unnecessary exception thrown

    Details

    • Subcomponent:
    • Resolved In Build:
      b22
    • CPU:
      x86_64
    • OS:
      linux
    • Verification:
      Verified

        Description

        ADDITIONAL SYSTEM INFORMATION :
        openjdk version "11.0.1" 2018-10-16
        OpenJDK Runtime Environment 18.9 (build 11.0.1+13)
        OpenJDK 64-Bit Server VM 18.9 (build 11.0.1+13, mixed mode)


        A DESCRIPTION OF THE PROBLEM :
        On line 1326 in the sun.security.tools.keytool.Main class:

                        // Probe for real type. A JKS can be loaded as PKCS12 because
                        // DualFormat support, vice versa.
                        keyStore = KeyStore.getInstance(f, pass);

        If the format of the keystore is not one already recognized and the required provider does not implement the new KeyStoreSpi.engineProbe() method, the supporting provider will return false and the keytool will throw an exception keytool error: java.security.KeyStoreException: Unrecognized keystore format: null.

        We are raising this as we are aware that, if the situation stays as it is, this issue will act as a significant impediment to users who simply wish to migrate to Java 11 rather than update to a BC provider that supports engineProbe() as well. Although the keytool still creates files, ignoring the exception is not something a lot of our users are comfortable with.

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        keytool -genkeypair -keyalg RSA -alias selfsigned -keysize 2048 -sigalg SHA256withRSA -keystore keystore.bcfks -keypass password -storepass password -validity 365 -storetype BCFKS -providerName BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath bc-fips-1.0.1.jar

        bc-fips-1.0.1.jar is available from https://www.bouncycastle.org/fips-java

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -

        WARNING: An illegal reflective access operation has occurred
        WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom (file:/tmp/src/bc-fips-1.0.1.jar) to method sun.security.jca.Providers.getSunProvider()
        WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom
        WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
        WARNING: All illegal access operations will be denied in a future release
        What is your first and last name?
          [Unknown]:
        What is the name of your organizational unit?
          [Unknown]:
        What is the name of your organization?
          [Unknown]:
        What is the name of your City or Locality?
          [Unknown]:
        What is the name of your State or Province?
          [Unknown]:
        What is the two-letter country code for this unit?
          [Unknown]:
        Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
          [no]: yes

        <command prompt>
        ACTUAL -
        WARNING: An illegal reflective access operation has occurred
        WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom (file:/tmp/src/bc-fips-1.0.1.jar) to method sun.security.jca.Providers.getSunProvider()
        WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom
        WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
        WARNING: All illegal access operations will be denied in a future release
        What is your first and last name?
          [Unknown]:
        What is the name of your organizational unit?
          [Unknown]:
        What is the name of your organization?
          [Unknown]:
        What is the name of your City or Locality?
          [Unknown]:
        What is the name of your State or Province?
          [Unknown]:
        What is the two-letter country code for this unit?
          [Unknown]:
        Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
          [no]: yes

        keytool error: java.security.KeyStoreException: Unrecognized keystore format: null
        <command prompt>

        CUSTOMER SUBMITTED WORKAROUND :
        The tool still creates the keystore so it is possible to ignore the exception.

        FREQUENCY : always
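
The probing call quoted in this report, next to loading with an explicit store type, as an added example (not code from the JDK, keytool or the reporter). The class name `ExplicitTypeLoad`, the helper `load` and both sample files are constructed for illustration, and only the JDK's built-in providers are used.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;

public class ExplicitTypeLoad {
    // Hypothetical helper: use the declared type when the caller knows it,
    // and fall back to probing only when no type was given.
    static KeyStore load(File f, char[] pass, String declaredType) throws Exception {
        if (declaredType != null) {
            // Explicit type: the provider's engineLoad() is used, engineProbe() is not.
            KeyStore ks = KeyStore.getInstance(declaredType);
            try (InputStream in = new FileInputStream(f)) {
                ks.load(in, pass);
            }
            return ks;
        }
        // Probing asks each registered KeyStoreSpi.engineProbe(); the default
        // implementation in KeyStoreSpi returns false, so a provider that does
        // not override it is never selected and a KeyStoreException is thrown.
        return KeyStore.getInstance(f, pass);
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "password".toCharArray();
        Path dir = Files.createTempDirectory("ksprobe");

        // Constructed sample 1: an empty PKCS12 store written by the JDK itself.
        File p12 = dir.resolve("sample.p12").toFile();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = new FileOutputStream(p12)) {
            empty.store(out, pass);
        }

        // Constructed sample 2: bytes that no registered provider recognizes.
        File unknown = dir.resolve("sample.unknown").toFile();
        Files.write(unknown.toPath(), "constructed: not a keystore".getBytes());

        System.out.println("explicit type: " + load(p12, pass, "PKCS12").getType());
        System.out.println("probed type:   " + load(p12, pass, null).getType());
        try {
            load(unknown, pass, null);
        } catch (KeyStoreException e) {
            // Same exception class that keytool reports in the ACTUAL output above.
            System.out.println("probe failed:  " + e.getMessage());
        }
    }
}
```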


                People

                • Assignee:
                  weijun Weijun Wang
                  Reporter:
                  webbuggrp Webbug Group